Dossier
Elasticsearch
Coverage of Elasticsearch in the Nexus archive.
- Lone attacker published 14 malicious npm packages mimicking popular OpenSearch, Elasticsearch libraries
A lone attacker published 14 malicious npm packages mimicking popular OpenSearch, Elasticsearch, and DevOps libraries, using typosquatting and metadata spoofing to steal cloud credentials and CI/CD secrets. Microsoft reported the attack, which involved a credential-harvesting payload and techniques like inflated version numbers to appear legitimate, with all packages later removed.
- Find vendors used by any company
A resource website that helps identify vendors and sub-processors used by companies, with a specific page dedicated to Elasticsearch. The article appears to be a directory tool for transparency around third-party service providers.